gradash
newbie
Topic Author
Posts: 33
Joined: Mon Apr 20, 2015 11:44 am

PPTP - external connection not working

Fri May 22, 2015 3:14 pm

Hi, I have a CCR and need to configure PPTP access from a remote PC.
Everything is configured as described in many manuals, but the connection works only from the LAN.
Maybe I have missed some firewall rule or NAT? What do I need to do to connect to PPTP from the outside internet?

export compact
# may/21/2015 11:48:36 by RouterOS 6.27

# Bridge "LANWAN"; ether3 and ether4 are attached to it under
# "/interface bridge port" below.
/interface bridge
add name=LANWAN
# Descriptive labels for the four physical ports. Note that ether4 is labelled
# "WAN" yet is bridged together with ether3 ("LAN") further down.
/interface ethernet
set [ find default-name=ether1 ] comment=ISP1
set [ find default-name=ether2 ] comment=ISP2
set [ find default-name=ether3 ] comment=LAN
set [ find default-name=ether4 ] comment=WAN
# The same labels applied to the neighbor-discovery entries.
/ip neighbor discovery
set ether1 comment=ISP1
set ether2 comment=ISP2
set ether3 comment=LAN
set ether4 comment=WAN
# DHCP range served on the LANWAN bridge with one-day leases.
/ip pool
add name=dhcp ranges=192.168.30.50-192.168.30.250
/ip dhcp-server
add address-pool=dhcp disabled=no interface=LANWAN lease-time=1d name=DHCP
/port
set 0 name=serial0
set 1 name=serial1
# PPP profile used by the PPTP server: router side 192.168.30.1, client side
# 192.168.30.40, an address inside the LANWAN /23 but outside the DHCP pool.
/ppp profile
add local-address=192.168.30.1 name=pptp remote-address=192.168.30.40
# NOTE(review): this community accepts requests from any source (0.0.0.0/0)
# and its name is now public. The export does not show SNMP being enabled;
# if it is, restrict "addresses" to the monitoring hosts and rename it.
/snmp community
add addresses=0.0.0.0/0 name=nemo
# Both inside ports become members of the LANWAN bridge.
/interface bridge port
add bridge=LANWAN interface=ether3
add bridge=LANWAN interface=ether4
# L2TP server is set to use IPsec (secret redacted by the poster). No
# "enabled=yes" appears here, so whether it is running cannot be told from
# this export.
/interface l2tp-server server
set ipsec-secret=xxxxxxxxxxxxxx use-ipsec=yes
# PPTP server is switched on and uses the "pptp" profile defined above.
# NOTE(review): PPTP's MS-CHAPv2/MPPE protection is considered weak;
# L2TP/IPsec, already partly configured above, is the safer choice for
# remote access.
/interface pptp-server server
set default-profile=pptp enabled=yes
# Interface addresses: two uplinks (redacted) and the LAN gateway on the bridge.
/ip address
add address=xxxxxxxxxxxxxx/29 interface=ether1 network=xxxxxxxxxxxxxx
add address=xxxxxxxxxxxxxx/30 interface=ether2 network=xxxxxxxxxxxxxx
add address=192.168.30.1/23 interface=LANWAN network=192.168.30.0
# Dynamic DNS name through the MikroTik cloud service.
/ip cloud
set ddns-enabled=yes
# Options handed to DHCP clients on the LAN.
/ip dhcp-server network
add address=192.168.30.0/23 dns-server=xxxxxxxxxxxxxx gateway=192.168.30.1
# NOTE(review): allow-remote-requests=yes makes the router answer DNS queries.
# The input chain in the filter table accepts all UDP and has no drop rule for
# the uplinks, so the router presumably acts as an open resolver on ISP1/ISP2.
# Confirm, and block port 53 arriving on the uplinks.
/ip dns
set allow-remote-requests=yes servers=xxxxxxxxxxxxxx
# "LocalNet": internal subnets referenced by the forward rule in the filter table.
/ip firewall address-list
add address=192.168.4.0/22 list=LocalNet
add address=192.168.30.0/23 list=LocalNet
add address=172.30.10.0/24 list=LocalNet
add address=192.168.0.0/23 list=LocalNet
add address=172.30.200.0/24 list=LocalNet
# Filter rules are evaluated top to bottom. A rule without "action=" uses the
# default action, accept.
# NOTE(review): the only drop rules here are the two "invalid" ones at the end,
# and neither chain ends with a catch-all drop. Traffic that matches no rule is
# therefore still accepted, so the accept rules do not restrict anything and
# this table is unlikely to be what blocks PPTP from outside. Once remote
# access works, close each chain with a drop rule for traffic arriving on the
# uplinks.
/ip firewall filter
# PPTP needs GRE (tunnel data) and TCP 1723 (control) to reach the router itself.
add chain=input comment="Allow gre" protocol=gre
add chain=input comment="Allow port 1723" dst-port=1723 protocol=tcp
# Forwarding between the internal subnets listed in LocalNet.
add chain=forward comment="Allow all subnets" dst-address-list=LocalNet \
    src-address-list=LocalNet
add chain=input comment="Allow ping" protocol=icmp
add chain=forward protocol=icmp
# Packets of already established connections and flows related to them.
add chain=input comment="Allow estabilished" connection-state=established
add chain=forward connection-state=established
add chain=input comment="Allow related" connection-state=related
add chain=forward connection-state=related
# NOTE(review): accepts every UDP packet addressed to the router from any
# interface, uplinks included (DNS, SNMP, ...). Narrow it by dst-port and
# in-interface.
add chain=input comment="Allow UDP" protocol=udp
add chain=forward protocol=udp
# Invalid-state packets are the only traffic this table actually drops.
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=drop chain=forward connection-state=invalid
# Source NAT: hide inside addresses behind whichever uplink a packet leaves on.
/ip firewall nat
add action=masquerade chain=srcnat comment=\
    "Masquerade out traffic ISP1" out-interface=ether1
add action=masquerade chain=srcnat comment="ISP2" \
    out-interface=ether2
# NOTE(review): this dstnat rule has no dst-port and no dst-address, so it
# matches every new TCP connection arriving on any ethernet port and sends it
# to 192.168.30.121:80. That includes TCP 1723 from the internet, which would
# then never reach the router's PPTP server. This is a likely cause of "works
# from LAN only", since LAN clients presumably enter through the LANWAN bridge
# rather than an ethernet in-interface (confirm). It also forwards every
# inbound TCP port to the web host. Limit the rule with dst-port=80 and the
# public dst-address or the specific uplink in-interface.
add action=netmap chain=dstnat comment=\
    "NAT to web server at Web PC" in-interface=all-ethernet \
    protocol=tcp to-addresses=192.168.30.121 to-ports=80
# Connection-tracking helpers switched off. The pptp helper is not listed, so
# it is presumably left at its default.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
# Two default routes (no dst-address given): ISP1 is preferred (distance 1) and
# ISP2 is the fallback (distance 2); check-gateway=ping monitors each gateway.
# NOTE(review): no mangle or routing-mark rules appear in this export, so
# replies to connections that come in on ISP2 presumably leave through ISP1
# while it is up. Test PPTP against the ISP1 address first.
/ip route
add check-gateway=ping comment="ISP1 Gateway" distance=1 gateway=\
    xxxxxxxxxxxxxx
add check-gateway=ping comment="ISP2 Gateway" distance=2 gateway=\
    xxxxxxxxxxxxxx
# Static routes to the remote sites, all via 192.168.30.31.
# NOTE(review): AMS1 is routed as 172.30.10.0/23 but appears in the LocalNet
# address list as 172.30.10.0/24 - confirm which prefix is intended.
add comment="AMS1" distance=1 dst-address=172.30.10.0/23 gateway=\
    192.168.30.31
add comment="AMS2" distance=1 dst-address=172.30.200.0/24 gateway=\
    192.168.30.31
add comment="OFFICE1" distance=1 dst-address=192.168.0.0/23 gateway=\
    192.168.30.31
add comment="OFFICE2" distance=1 dst-address=192.168.4.0/22 gateway=\
    192.168.30.31
# Management services: telnet, ftp and ssh are off, www-ssl is on. www, winbox
# and api are not listed, so they are presumably at their defaults, and no
# "address=" restriction is set on any service. Limit management access to
# trusted source addresses.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no
# NOTE(review): UPnP lets inside hosts request inbound port mappings on both
# uplinks; disable it unless something on the LAN needs it.
/ip upnp
set enabled=yes
/ip upnp interfaces
add interface=LANWAN type=internal
add interface=ether1 type=external
add interface=ether2 type=external
# NOTE(review): "set 2" addresses a profile by item number, and "*3" looks like
# a reference to an item that no longer exists. local-address=1.89.168.192 may
# be 192.168.89.1 entered in reverse. Verify or remove this entry.
/ppp profile
set 2 local-address=1.89.168.192 remote-address=*3
# PPTP account (password redacted by the poster). The addresses given here are
# specific to this user; the "pptp" profile names 192.168.30.40 as the remote
# address instead.
/ppp secret
add local-address=192.168.30.1 name=vpnadm password=xxxxxxxxxxxxxx profile=pptp \
    remote-address=192.168.30.42 service=pptp
When I try to connect, I see this in Torch, but it disappears after 2 seconds:
Untitled.png
satman1w
Member Candidate
Member Candidate
Posts: 287
Joined: Mon Oct 02, 2006 11:47 am

Re: PPTP - external connection not working

Sat May 23, 2015 4:47 pm

...too much information in your export...

What I would do first is make sure that I have only one problem, so I would back up my router and start from scratch.
No bridges, no firewall... just the basic configuration needed to connect a private network to the internet (IP addresses, DHCP, NAT, default route).
After that, see Greg Sowell's video on YouTube, https://www.youtube.com/watch?v=U-8RmkNpgWI, and it just has to work.

Once you have it up and running, add everything else you want step by step.

regards
 
gradash
newbie
Topic Author
Posts: 33
Joined: Mon Apr 20, 2015 11:44 am

Re: PPTP - external connection not working

Sun May 24, 2015 9:01 pm

Very difficult... because I have a 24/7 office... but there must be a reason why it works from the LAN and not from the internet; maybe some specific PPTP routes or mangle rules are needed for 2 ISPs...